Norton will likely remove your virus, but also many of your files. If you don't have a recent backup to restore to, you might try Spysweeper with Antivirus, or one of the many other antivirus products on the market. It's not free, but does better separating virus from data.

Unidyne wrote: Malwarebytes produces "Anti-Malware", which I swear by. It's available for a free download (which has to be updated each time you use it), or a pay version can be had which runs automatically. http://malwarebytes.org/mbam.php

There is a very real and formidable virus threat out there right now, mentioned last Friday in USA Today, known as LizaMoon. Very similar to last year's "Antivirus2010". It attaches itself, illegally and unwelcome, to as many websites as possible. When someone arrives at that website, the virus throws up a screen that is made to look just like the one generated by the Windows system, announcing that a virus has been detected and that your computer will now be scanned as a precaution. This is followed by an animation that makes it appear that the scanner is at work going through the computer memory and the like. In fact, the virus is actually planting its own bot into your computer which will, henceforth, announce that your computer is hopelessly infested by a virus and the only cure is the alleged anti-virus program peddled by the people who worked up this scam, so you must order their remedy online with your credit card right away. You won't be able to do anything with your computer until you buy their remedy (usually around $50) -- the only thing it's known to do is turn off their own bot.

My advice: Immediately take evasive maneuvers. Although the fake warning screen has buttons that supposedly will stop the scan, the buttons don't work; the warning screen and the animation of a scanning page happen no matter what.

The instant you see this fake warning screen, even if it claims to be in the midst of a scan, get out of the internet. Use the red X in the upper right corner. If need be, use the Windows Task Manager (CTRL+ALT+DELETE) to get out of the internet before this virus finishes sabotaging your system. Then run an authentic anti-virus program -- MalwareBytes is very good for this -- but you must have this program already on your computer, because once the LizaMoon virus has been planted you won't be able to load any new programs.

fortinbras wrote: There is a very real and formidable virus threat out there right now, mentioned last Friday in USA Today, known as LizaMoon. Very similar to last year's "Antivirus2010". It attaches itself, illegally and unwelcome, to as many websites as possible. When someone arrives at that website, the virus throws up a screen that is made to look just like the one generated by the Windows system, announcing that a virus has been detected and that your computer will now be scanned as a precaution. This is followed by an animation that makes it appear that the scanner is at work going through the computer memory and the like. In fact, the virus is actually planting its own bot into your computer which will, henceforth, announce that your computer is hopelessly infested by a virus and the only cure is the alleged anti-virus program peddled by the people who worked up this scam, so you must order their remedy online with your credit card right away. You won't be able to do anything with your computer until you buy their remedy (usually around $50) -- the only thing it's known to do is turn off their own bot.

My advice: Immediately take evasive maneuvers. Although the fake warning screen has buttons that supposedly will stop the scan, the buttons don't work; the warning screen and the animation of a scanning page happen no matter what.

The instant you see this fake warning screen, even if it claims to be in the midst of a scan, get out of the internet. Use the red X in the upper right corner. If need be, use the Windows Task Manager (CTRL+ALT+DELETE) to get out of the internet before this virus finishes sabotaging your system. Then run an authentic anti-virus program -- MalwareBytes is very good for this -- but you must have this program already on your computer, because once the LizaMoon virus has been planted you won't be able to load any new programs.

Not entirely true. According to WebSense, and F-Secure, you aren't in trouble until you download the "free software". Then you can't load new programs until you pay for the removal tool. Still, it's important to be careful.

Last edited by Arthur Rubin on Tue Apr 05, 2011 8:49 am, edited 1 time in total.
Reason: Added F-Secure as a source of information

Arthur Rubin wrote: Not entirely true. According to WebSense, and F-Secure, you aren't in trouble until you download the "free software". Then you can't load new programs until you pay for the removal tool. Still, it's important to be careful.

Not so -- based on the experience of my sister. She knows enough not to download and/or install ANYTHING new without first checking with me. When she encountered the fake "Windows Security" virus warning, she tried all the normal methods to get out of it (click "Cancel", hit the "Back" button, close the window), yet she still got infected.

I spent probably 6-8 hours over a three day period getting it cleared up. Each time I thought I finally erased all the files and registry entries, after reboot it was all magically back! ARGH, that was frustrating!

I finally found the answer on the Malwarebytes forum. It involved a combination of programs used in a very specific series of steps.

My one reliable piece of advice about this scareware is do not let it continue on your computer. It uses a pre-arranged animation to make it look like it's scanning your system but it is actually using the time and access to load the virus onto your system. Although it pretends to have buttons giving you a choice of scanning or not, they either don't work or are disguised to make your computer believe that you approve the loading of this virus. This means you must be alert and act quickly when this scareware starts.

Arthur Rubin wrote: Not entirely true. According to WebSense, and F-Secure, you aren't in trouble until you download the "free software". Then you can't load new programs until you pay for the removal tool. Still, it's important to be careful.

Not so -- based on the experience of my sister. She knows enough not to download and/or install ANYTHING new without first checking with me. When she encountered the fake "Windows Security" virus warning, she tried all the normal methods to get out of it (click "Cancel", hit the "Back" button, close the window), yet she still got infected.

I don't know your sister, so I'm willing to believe the WebSense article, even if they differ. No offense intended.

(1) The AARP newsletter sided with my advice to get out of the internet as quickly as possible - without bothering to click either of the two buttons provided by the scareware - and then run your own antivirus software immediately to make sure that your computer is clear.

(2) Until now the Macintosh/Apple computers were relatively free from this menace because they were either not popular enough to tempt hackers or at least not popular enough among hackers that none of them learned the Apple system to spot the vulnerabilities.

As an update, I had a scareware virus attack yesterday, very diabolical.

Evidently as part of a website, a file pretending to be from the Microsoft Corp presented itself, and since it claimed to be from Microsoft I assumed it to be one of the innumerable updates to any of several Windows features and allowed it in. Instead it emulated the other scareware viruses, repeatedly blocking every screen with a "warning" that my system was infected and my option was to buy the remedy online which purported to be a Windows XP anti-virus program -- the scareware would not let me refuse or bring up anything else on the internet. It evidently was either new enough or cleverly contrived that the real anti-virus programs on my computer could not see it or remove it, but finally by going back to an earlier recovery checkpoint I got it out of my system.

I had another attack of scareware, this one a fake antivirus program called "Security Shield" which was evidently activated by arriving at an infected website. As with some others, it starts by appearing to be an authorized Windows-provided virus warning; unlike some others, it doesn't require you to click on anything or do anything to infect your computer. Once implanted in your computer it blocks every sort of internet activity with a panicky warning of multiple infections which can only be removed by buying their software online - in reality, the multiple infections don't exist and this software removes no malware except (when the ransom is paid) itself.

Security Shield is diabolical because it not only blocks every bit of internet contact but also seems to block a good deal of installed remedies, such as Task Manager. The remedy -- I had to find it on the internet by using my sister-in-law's computer -- involves rebooting the computer into Safe mode, and running MalwareBytes (and it may help to go back to a previous recovery point).

There's actually quite a few viruses out there that do the same thing and along the same lines. Micro AV is a big one that pops up every now and then. It basically disables your computer access, overrides things like Windows Explorer and locks you out of your start menu functions. Best way to get rid of it is to have a program like Malwarebytes on your desktop, but there are strains of it that will auto-detect most legit anti-viral software and will block them from opening. An easy way around that is to load it and save it under a different file name and in an unusual location, like in a G drive instead of C drive in program files where Windows will automatically install it. I use Malwarebytes and S&D and have for years. One thing about Malwarebytes: if you do wish to pay for it, you can set it up to do automatic scans instead of manual scans.

Lift me up above this, the flames and the ashes, Lift me up and help me to fly away. Lift me up above this, the broken, the empty, Lift me up and help me to fly away, Lift me up!

Thank you Web, wasn't thinking about that when I posted it earlier. S&D is an entirely free, constantly updated anti-virus. They do ask for donations, which I have sent a few dollars their way over the years I've used it but not required. It is a good supplement to Malwarebytes program.


Thank you Web, wasn't thinking about that when I posted it earlier. S&D is an entirely free, constantly updated anti-spyware. They do ask for donations, which I have sent a few dollars their way over the years I've used it but not required. It is a good supplement to Malwarebytes program.

Fixed it for you. I know it seems like a minor quibble, but spyware is not the same as a virus despite the fact that both are incredibly annoying and sometimes difficult to remove. It should also be noted that an anti-virus program's main focus is prevention (their ability to effectively remove an infection is lacking) and an anti-spyware's main focus is removal (some offer the same behavior of prevention that an anti-virus does, but it slows down the system severely). That being said, there is an overlap between the two. Anti-viruses will often pick up spyware trying to infect your system while anti-spyware will often remove viral infections. But one is never a substitute for the other which is where the spirit of my correction lies.